The machine account cannot be found

The_machine_account_cannot_be_found_5_Rule (Rule)

Knowledge Base article:

Summary

UserEnv experienced an error applying Group Policy to the domain controller. Group Policy must be applied successfully for domain controllers to function properly, because domain controllers receive several critical permissions through policy, such as “Access this computer from network”.

Because of the architecture of UserEnv, Microsoft Operations Manager (MOM) is unable to directly report the specific problem.

Sample Event:

Windows cannot find the machine account, %1.

Causes

Possible causes include:

Resolutions

For more information, see the UserEnv log file. UserEnv logging is not enabled by default. To enable UserEnv logging, see article 221833, “How to enable user environment debug logging in retail builds of Windows” in the Microsoft Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=25636. The log file provides details about the specific error.

External

Element properties:

Target: Microsoft.Windows.Server.2012.R2.AD.DomainControllerRole
Category: EventCollection
Enabled: True
Event_ID: 1097
Event Source: Microsoft-Windows-GroupPolicy
Alert Generate: False
Remotable: True
Event Log: System
Comment: Mom2005ID='{0A60E2D9-9F78-4F53-B2DD-0A21DA018E2E}';MOM2005GroupID=

Member Modules:

ID                         Module Type  TypeId                                                 RunAs
DS                         DataSource   Microsoft.Windows.EventProvider                        Default
CollectEventData           WriteAction  Microsoft.SystemCenter.CollectEvent                    Default
CollectEventDataWarehouse  WriteAction  Microsoft.SystemCenter.DataWarehouse.PublishEventData  Default

Source Code:

<Rule ID="The_machine_account_cannot_be_found_5_Rule" Comment="Mom2005ID='{0A60E2D9-9F78-4F53-B2DD-0A21DA018E2E}';MOM2005GroupID=" Enabled="true" Target="AD2012R2Core!Microsoft.Windows.Server.2012.R2.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
  <Category>EventCollection</Category>
  <DataSources>
    <DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
      <LogName>System</LogName>
      <Expression>
        <And>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>EventDisplayNumber</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>1097</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
          <Expression>
            <SimpleExpression>
              <ValueExpression>
                <XPathQuery>PublisherName</XPathQuery>
              </ValueExpression>
              <Operator>Equal</Operator>
              <ValueExpression>
                <Value>Microsoft-Windows-GroupPolicy</Value>
              </ValueExpression>
            </SimpleExpression>
          </Expression>
        </And>
      </Expression>
    </DataSource>
  </DataSources>
  <WriteActions>
    <WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
    <WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
  </WriteActions>
</Rule>